Reprinted with permission from the June 21st edition of The Legal Intelligencer. (c) 2021 ALM Media Properties. Further duplication without permission is prohibited.
Since its enactment in 1986, employers have used the federal Computer Fraud and Abuse Act, 19 U.S.C. §1030 (“CFAA”) to vindicate violations of the employer’s workplace policies regarding use of computers, email accounts, and other electronic information by departing employees. The CFAA inevitably appeared as a claim in an employer’s complaint to address such conduct as downloading information from work computers and email accounts, or wiping devices and removing valuable information. The CFAA potentially provided relief where the information taken might not meet the definition of a “trade secret” in the federal Defend Trade Secrets Act (18 U.S.C. §1986), or Pennsylvania’s Uniform Trade Secrets Protection Act (12 P.S. § 5302). Further, and perhaps providing leverage for employers, the CFAA provided a criminal remedy for such violations. In Van Buren v. United States, 592 U.S. ___ (June 3, 2021), the United States Supreme Court may have eliminated that claim for wronged employers.
The CFAA prohibits intentionally accessing a computer with or without authorization or exceeding authorized access of a computer. The Act defines “exceeding authorized access” as accessing a computer with authorization and using that access to obtain information in the computer to which the individual is not otherwise entitled. The CFAA imposes criminal liability for violations of these prohibitions. It also imposes civil liability through a private cause of action if there is “damage,” meaning, an impairment to the integrity or availability of data, a program, a system or information.